iPhone, iPad, Mac, and Apple Watch Vulnerabilities – CVE-2023-41061, CVE-2023-41064

Two vulnerabilities (CVE-2023-41061, CVE-2023-41064) impacting iPhones, iPads, Macs, and Apple Watches have been identified, with reports of active exploitation. These vulnerabilities have been patched by Apple. CVE-2023-41064 is a buffer overflow issue triggered by malicious images, while CVE-2023-41061 is a validation problem exploited via malicious attachments, both enabling arbitrary code execution.

Affected products:

iPhone 8 and later
iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Macs running macOS Ventura
Apple Watch Series 4 and later

Users are strongly advised to update their devices:

iPhone: Update to the latest iOS 16.6.1.
iPad: Update to the latest iPadOS 16.6.1.
Mac: Update to the latest macOS Ventura 13.5.2.
Apple Watch: Update to the latest watchOS 9.6.2.

Resources:

[1] https://support.apple.com/en-us/HT213905
[2] https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/